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FOREWORD 

This  Aerospace  Systems  Survivability  Handbook  Series  is  designed  to  provide  its  users  with 
insight  into  the  key  activities  performed  by  survivability  personnel  in  support  of  aerospace 
systems  acquisition.  The  series  is  not  a  specification  or  standard  but  rather  a  “how-to”  guide  for 
all  survivability  managers,  engineers,  and  analysts  associated  with  survivability  activities  likely 
to  be  needed  on  any  program,  government  or  commercial. 

Some  of  the  material  used  in  the  handbook  series  has  been  adapted  from  various  sections  of  the 
Department  of  Defense  (DoD)  Deskbook,  Internet  links,  and  survivability  documents  produced 
by  the  Joint  Technical  Coordinating  Group  on  Aircraft  Survivability  (JTCG/AS),  under  the 
sponsorship  of  the  Joint  Aeronautical  Commanders’  Group  (JACG).  The  Service  laboratories 
and  centers  also  produced  source  documents.  This  handbook  series  emphasizes  the  requirement 
for  integrated  teamwork  of  survivability  management,  engineering,  test  and  evaluation,  and 
systems  analysis  in  order  to  accomplish  a  successful  systems  acquisition. 

The  handbook  series  (JTCG/AS  Project  A-8-01,  Acquisition  Deskbook  Survivability  Section 
Rewrite)  was  prepared  for  the  JTCG/AS  under  the  sponsorship  of  the  Principal  Members 
Steering  Group  (PMSG)  and  directed  by  LTC  Charles  R.  Schwarz,  Director,  JTCG/AS.  The 
handbooks  were  drafted  by  Hubert  (Hugh)  Drake,  SRS  Technologies,  under  contract  to  the 
Naval  Air  Warfare  Center  Weapons  Division,  China  Lake,  CA.  As  the  Contract  Technical 
Monitor,  Dave  Hall  provided  guidance  and  initial  review.  The  following  working  group 
members  provided  oversight: 

Dale  Atkinson,  Institute  for  Defense  Analysis 
Dr.  Bob  Ball,  Naval  Postgraduate  School 
Kevin  Crosthwaite,  Director,  SURVIAC 
Tom  Julian,  DOT&E/LFT 
David  Legg,  Naval  Air  Systems  Command 
Tracy  Sheppard,  University  of  Texas 
Lowell  Tonnessen,  Institute  for  Defense  Analysis 
Jerry  Wallick,  Institute  for  Defense  Analysis 
Phil  Weinberg,  JTCG/AS  Central  Office 
Michael  Weisenbach,  JTCG/AS  Central  Office 

Special  recognition  goes  to  Donna  Egner  and  Linda  Ryan  for  providing  copies  of  reference 
documents  from  SURVIAC. 

Reviewed  and  released  by: 


Lieutenant  Colonel  Charles  R.  Schwarz 
Director,  JTCG/AS 
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ACAT 

Acquisition  Category 

APU 

Auxiliary  Propulsion  Unit 

ATD 

Advanced  Technology  Demonstration 

CAIV 

Cost  as  an  Independent  Variable 

CFE 

Contractor-Furnished  Equipment 

CM 

Configuration  Management 

CM 

Countermeasures 

CDRL 

Contract  Data  Requirements  List 

DAD 

Defense  Acquisition  Deskbook 
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Defense  Acquisition  Executive 

DoD 

Department  of  Defense 

DSMC 

Defense  Systems  Management  College 

DT 

Development  Test 

DT&E 

Developmental  Test  and  Evaluation 

ECP 

Engineering  Change  Proposal 

EO 

Electro-optical 

EW 

Electronic  Warfare 

GFE 

Government-Furnished  Equipment 

HAZMAT 

Hazardous  Materials 

HITL 

Hardware-in-the-Loop 

HW/SWIL 

Hardware/Software-in-the-Loop 

INCOSE 

International  Council  on  Systems  Engineering  , 

IOT&E 

Initial  Operational  Test  and  Evaluation 

IPPD 

Integrated  Product  and  Process  Development 

IPT 

Integrated  Product  Team 

IR 

Infrared 

IRCM 
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Joint  Aeronautical  Commanders’  Group 
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LO 

Low  Observables 

M&S 

Modeling  and  Simulation 

MDA 

Milestone  Decision  Authority 

MF 

Measurement  Facility 

MNS 

Mission  Need  Statement 
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MOE 

Measure  of  Effectiveness 

MOP 

Measure  of  Performance 

OAR 

Open-Air  Range 

OIPT 

Overarching  Integrated  Product  Team 

ORD 

Operational  Requirements  Document 

OT&E 

Operational  Test  and  Evaluation 

PIPT 

Program  Integrated  Product  Team 

PM 

Program  Manager 

RCS 

Radar  Cross  Section 

RF 

Radio  Frequency 

RFI 

Request  for  Information 

RFP 

Request  for  Proposal 

SE 

Systems  Engineering,  Systems  Engineer 

SEIPT 

Systems  Engineering  Integrated  Product  Team 

SEMP 

Systems  Engineering  Management  Plan 

SIL 

System  Integration  Laboratory 

SIPT 

Survivability  Integrated  Product  Team 

SURVIAC 

Susceptibility/Vulnerability  Information  Analysis  Center 

TEMP 

Test  and  Evaluation  Master  Plan 

T&E 

Test  and  Evaluation 

V/STOL 

Vertical/Short  Take-off  and  Landing 

W&A 
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WBS 
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WIPT 
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EXECUTIVE  SUMMARY 


This  volume  outlines  the  role  of  survivability  as  it  evolves  over  the  system  life  cycle  as  an 
integral  part  of  the  systems  engineering  process.  The  topic  is  especially  pertinent  today  because 
emerging  technologies  are  revealing  unprecedented  opportunities  for  bringing  new  and  improved 
systems  and  products  into  being  that  will  be  more  competitive  in  the  private  and  public  sectors 
worldwide.  These  technologies  are  expanding  physically  realizable  design  options  and  enhancing 
cost-effective  capabilities.  The  purpose  of  design  and  analysis  engineering  activities  is  to 
determine  how  physical  factors  may  be  altered  to  create  the  most  utility  for  the  least  cost. 

The  objective  is  to  design  the  system  to  minimize  losses  when  it  operates  in  a  manmade  hostile 
environment.  Designing  to  meet  survivability  requirements  means  considering  an  optimum  mix 
of  susceptibility  and  vulnerability  designs  for  low  susceptibility  and  low  vulnerability.  The  goal 
is  to  develop  and  demonstrate  protection  technologies  required  to  ensure  survivable  operation  of 
warfighting  assets  in  both  the  natural  space  environment  and  the  hostile  warfighting 
environment.  Specifically,  the  survivability  program  evaluates  through  high-fidelity  subsystem 
and  system  models  the  effects  of  the  threats  on  U.S.  and  allied  systems,  and  then  develops  and 
demonstrates  the  efficacy  of  multithreat  protection  techniques  against  those  threats. 

The  initial  focus  of  survivability  engineering  and  analyses  is  to  develop  and  define  survivability- 
related  design  factors  based  on  a  firsthand  understanding  of  user  needs  and  of  survivability 
technical  challenges.  This  activity  consists  of  the  selective  application  of  survivability 
engineering  and  analyses  planned  for  the  program.  The  contractor  should  propose  an  appropriate 
survivability  process  that  will  properly  manage  risk  in  the  program  and  that  encompasses 
interface  with  the  Integrated  Product  and  Process  Development  (IPPD)  process  as  an  integral 
member  of  the  Integrated  Product  Team  (IPT). 

The  volume  also  describes  a  planned  series  of  survivability  analyses  necessary  to  support 
survivability  engineering.  Steps  are  outlined  to  ensure  that  all  primary  system  functions  and 
elements  of  a  proposed  system  concept  or  design  are  examined  to  determine  the  survivability  that 
is  required  to  protect  the  system  over  its  life  cycle.  The  iterative  application  of  survivability 
analyses  described  herein  will  balance  survivability  requirements  to  ensure  the  development  of 
the  most  cost-effective  system  over  its  life  cycle. 

The  technical  approach  includes: 

•  Definition  of  the  threat  (hostile  and  natural,  including  space  debris  for  space  operations). 

•  Development  with  users  of  program  survivability  requirements. 

•  Performance  of  susceptibility  and  vulnerability  experiments  at  various  levels  of 
integration. 
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•  Selection  or  development  where  necessary  of  models  or  analytic  techniques  for 
extrapolating  data  to  higher  levels  of  system  interaction. 

•  Performance  of  trades  for  survivability  enhancement  options. 

•  Development  of  survivability  enhancement  techniques  based  on  those  performance 
trades. 

•  Demonstration  of  those  techniques  on  appropriate  subsystems. 

Survivability  enhancement  as  it  is  discussed  herein  focuses  on  the  design  of  survivable  aerospace 
vehicles,  enumerating  the  steps  that  must  be  taken  to  ensure  that  survivability  considerations  are 
taken  into  account  during  systems  engineering  of  all  aspects  of  aerospace  vehicles.  The 
developer  can  optimize  survivability  only  by  applying  vulnerability  and  susceptibility  analyses  in 
the  application  of  survivability  reduction  concepts. 

Survivability  enhancement  begins  during  research  and  technology  development  efforts  that 
provide  scientific  and  technological  innovations  in  the  following  areas: 

•  Lethality 

•  Design  for  low  vulnerability 

•  Design  for  low  susceptibility 

•  Survivability  assessment 

•  Sensor  design 

•  Signatures  and  signal  processing 

•  Power  resources 

•  Materials  and  structures 

•  Battlefield  environmental  effects 

•  Human  factors 

•  Advanced  computing 

•  Advanced  electronics 
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1.0  INTRODUCTION 


When  survivability  is  designed  into  a  combat  system,  the  benefits  are  many.  The  system’s 
combat  capability  will  be  improved,  the  lifecycle  cost  will  be  lower,  and  there  will  be  less  loss  of 
life.  As  with  other  abilities,”  the  best  designs  result  when  survivability  is  addressed  from  the 
beginning  of  the  development  cycle.  The  earlier  problems  and  the  need  for  trade  studies  are 
discovered,  the  more  time  there  is  to  think  of  solutions,  and  the  less  work  must  be  undone. 

A  survivability  program  must  be  established  and  maintained  throughout  the  system  life  cycle  to 
attain  overall  program  objectives.  The  program  should  stress  early  investment  in  survivability 
enhancement  efforts  that  improve  system  operational  readiness  and  mission  effectiveness  by: 

•  Providing  threat  avoidance  capabilities  (low  susceptibility). 

•  Incorporating  vulnerability  reduction  (damage  tolerance)  in  system  design  (low 
vulnerability). 

•  Maximizing  wartime  availability  and  sortie  rates  via  operationally  compatible  threat 
damage  tolerance  and  rapid  repairability  features. 

•  Minimizing  the  impact  of  the  survivability  program  on  the  overall  program  cost  and 
schedule. 

Engineering  Design  Elements  in  the  Acquisition  Process 

An  understanding  of  the  acquisition  process  discussed  in  Volume  2  is  fundamental  to  both  the 
application  of  survivability  engineering  and  the  practice  of  systems  engineering.  The  acquisition 
process  begins  with  the  identification  of  need  and  extends  through  planning,  research,  design, 
production  or  construction,  evaluation,  utilization,  maintenance  and  support,  and  ultimate 
retirement  (disposal). 

The  engineering  design  approach  for  bringing  products  into  being  considers  the  system’s  entire 
life  cycle.  The  objective  behind  engineering  for  the  life  cycle  is  to  ensure  that  the  entire  life  of 
the  system  is  considered  from  inception.  Engineering  design  elements  are  depicted  in  Figure  1. 
Consideration  of  these  elements  not  only  should  transform  a  need  into  to  a  definitive  product 
configuration  for  customer  use,  but  also  ensure  the  design’s  compatibility  with  related  physical 
and  functional  requirements. 
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Figure  1.  Engineering  Design  Elements 

The  elements  should  take  into  account  life-cycle  outcomes  as  measured  by  performance, 
effectiveness,  producibility,  reliability,  maintainability,  and  cost.  Because  of  the  numbers  and 
types  of  engineers  representing  the  different  engineering  disciplines  associated  with  systems 
acquisition,  the  systems  engineer  (SE)  has  the  responsibility  to  provide  the  necessary  input  to  the 
design  process.  The  SE  needs  to  use  specifications,  the  appropriate  checks  and  balances 
throughout  the  design  process,  selected  design  reviews,  and  an  effective  integrated  test  and 
evaluation  (T&E)  effort,  ensuring  throughout  this  process  that  the  necessary  feedback  for 
corrective  action  is  provided  as  required. 

Many  large  systems  require  the  combined  input  of  specialists  representing  a  wide  variety  of 
engineering  disciplines.  For  example,  an  aircraft  system  will  require  participation  of  the 
following  specialists: 


•  Aeronautical  engineers 

•  Electrical  engineers 

•  Electronic  engineers 
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•  Mechanical  engineers 

•  Metallurgists 

•  Survivability  engineers 

•  Logistics  engineers 

•  Reliability  and  maintainability  engineers 

•  Human  factors  engineers 

•  Systems  engineers 

•  Producibility  engineers 

•  Quality  engineers 

•  Value/Cost  engineers 

•  Industrial  engineers 

•  Test  engineers 

•  Engineers  in  other  specialties 

The  foregoing  list  might  not  be  all-inclusive,  but  it  does  show  that  many  different  engineering 
disciplines,  including  that  of  survivability,  are  directly  involved.  These  engineers,  forming  parts 
of  a  larger  organization,  not  only  must  be  able  to  communicate  with  each  other  but  also  must  be 
conversant  with  such  supplemental  activities  as  purchasing,  accounting,  manufacturing,  and  legal 
issues.  The  project  environment  for  a  system’s  design  and  development  is  typically  highly 
dynamic.  Many  individuals  with  different  specialties  and  backgrounds  rotate  into  and  out  of  a 
program  at  varying  times.  Good  communication  is  essential,  as  well  as  a  good  understanding  of 
the  numerous  interfaces  existing  in  any  given  program.  Use  of  the  systems  engineer  in 
conjunction  with  the  Integrated  Product  and  Process  Development  /Integrated  Product  Teams 
(IPPD/IPT)  concept  and  process  (see  Volume  2)  ensures  coordination  throughout  the  life  cycle. 

According  to  the  Defense  Acquisition  Deskbook  (DAD):  “The  Program  Manager  shall  ensure 
that  a  systems  engineering  process  is  used  to  translate  operational  needs  and/or  requirements  into 
a  system  solution  that  includes  the  design,  manufacturing,  T&E,  and  support  processes  and 
products.  The  systems  engineering  process  shall  establish  a  proper  balance  between 
performance,  risk,  cost,  and  schedule,  employing  a  top-down  iterative  process  of  requirements 
analysis,  functional  analysis  and  allocation,  design  synthesis  and  verification,  and  system 
analysis  and  control.” 

Integrated  Product  and  Process 
Development/Integrated  Product  Teams 

DoD  defines  IPPD  as  “A  management  process  that  integrates  all  activities  from  product  concept 
through  production/field  support,  using  a  multifunctional  team,  to  simultaneously  optimize  the 
product  and  its  manufacturing  and  sustainment  processes  to  meet  cost  and  performance 
objectives.”  IPPD  evolved  from  concurrent  engineering,  and  is  sometimes  called  integrated 
product  development  (IPD).  It  is  a  systems  engineering  process  integrated  with  sound  business 
practices  and  common  sense  decision  making.  Organizations  may  undergo  profound  changes  in 
culture  and  processes  to  successfully  implement  IPPD. 
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IPPD  is  a  management  technique  that  simultaneously  integrates  all  essential  acquisition  activities 
through  the  use  of  multidisciplinary  teams  to  optimize  the  design,  manufacturing  and 
supportability  processes.  IPPD  facilitates  meeting  cost  and  performance  objectives  from  product 
concept  through  production,  including  field  support.  One  of  the  key  IPPD  tenets  is 
multidisciplinary  teamwork  through  IPTs.  These  teams  enable  making  the  right  decisions  at  the 
right  time. 

The  IPT  is  composed  of  representatives  from  all  appropriate  functional  disciplines,  including 
survivability,  working  together  with  a  Team  Leader  to  build  successful  and  balanced  programs, 
identify  and  resolve  issues,  and  make  sound  and  timely  recommendations  to  facilitate  decision¬ 
making.  There  are  three  types  of  IPTs:  An  Overarching  IPT  (OIPT)  focuses  on  strategic 
guidance,  program  assessment,  and  issue  resolution.  A  Working-Level  IPT  (WIPT)  identifies 
and  resolves  program  issues,  determines  program  status,  and  seeks  opportunities  for  acquisition 
reform.  A  Program  IPT  (PIPT)  focuses  on  program  execution  and  may  include  representatives 
from  both  government  and  (after  contract  award)  industry. 

An  IPT  has  the  following  objectives: 

•  Produce  a  design  solution  that  satisfies  initially  defined  requirements. 

•  Communicate  that  design  solution  clearly,  effectively,  and  in  a  timely  manner. 

Multi-functional  integrated  teams  also  have  the  following  objectives: 

•  Place  balanced  emphasis  on  product  and  process  development. 

•  Require  early  involvement  of  all  disciplines  appropriate  to  the  team  task. 

Design-level  IPT  members  are  chosen  to  meet  the  team  objectives  and  generally  have  distinctive 
competence  in  the  following: 

•  Technical  management  (systems  engineering) 

•  Life-cycle  functional  areas  (eight  primary  functions) 

•  Technical  specialty  areas,  such  as  safety,  risk  management,  quality,  etc. 

•  When  appropriate,  business  areas  such  as  finance,  cost/budget  analysis,  and  contracting 

Survivability  involvement  is  a  function  of  the  needs  of  the  Program  Manager  (PM).  The  options 
include  a  dedicated  Survivability  IPT  or  survivability  representation  on  the  Systems  Engineering 
team  and  the  various  associated  IPTs. 

The  purpose  of  IPTs  is  to  make  team  decisions  based  on  timely  input  from  the  entire  team  (e.g., 
program  management,  engineering,  manufacturing,  test,  logistics,  financial  management, 
contracting,  contract  administration),  including  customers  and  suppliers.  IPTs  are  generally 
formed  at  the  Program  Manager  level  and  may  include  members  from  both  the  Government  and 
the  system  contractor.  A  typical  IPT  at  the  program  level,  for  example,  may  be  composed  of  the 
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following  functional  descriptions:  design  engineering;  manufacturing;  systems  engineering; 
T&E;  subcontracting;  considerations  of  safety  and  hazardous  materials  (HAZMAT);  quality 
assurance;  training;  finance;  reliability,  maintainability,  survivability  and  supportability; 
suppliers;  and  customers. 

Survivability  Considerations  as 
Part  of  the  IPPD/IPT  Process 

The  best  time  to  address  survivability  is  early  in  the  acquisition  process.  Survivability  objectives 
are  developed  through  trade  studies,  which  are  conducted  before  an  acquisition  approach  is 
finalized.  To  facilitate  that  process,  the  OIPT  for  each  ACAT  I  program  (and  ACAT  LA  program 
as  required)  should  establish  a  Survivability  IPT  (SIPT)  as  an  integral  part  of  each  WIPT.  The 
user  community  should  be  represented  on  the  SIPT.  Industry  representation,  consistent  with 
statute  and  at  the  appropriate  time,  should  also  be  considered.  Prior  to  each  milestone  decision, 
the  PM  reports  the  SIPT  findings  to  the  OIPT  leader. 

The  successful  application  of  survivability  as  a  functional  discipline  within  the  IPT  structure 
requires  not  only  the  close  association  of  the  PM  and  the  SE  but  also  employment  of  the  concept 
of  IPPD  throughout  the  program  design  process  to  the  maximum  extent  practicable.  This  use  of 
the  IPPD  concept  can  best  be  accomplished  by  establishing  a  Systems  Engineering  IPT  (SEIPT) 
and  ensuring  that  the  systems  engineer  has  a  key  role  in  the  Integrating  IPT  (IIPT). 

The  Systems  Engineering  Process 

Systems  engineering  consists  of  two  significant  disciplines:  (1)  the  technical  knowledge  domain 
in  which  the  systems  engineer  operates  and  (2)  systems  engineering  management.  Systems 
engineering  is  defined  as  the  technical  and  management  efforts  of  planning,  directing,  and 
controlling  a  totally  integrated  engineering  effort  for  a  system  or  program.  Systems  engineering 
includes,  but  is  not  limited  to,  the  engineering  effort  to  transform  an  operational  need  or 
statement  of  deficiency  into  a  description  of  system  requirements  and  a  preferred  system 
configuration;  and  the  technical  planning  and  control  effort  for  planning,  monitoring,  measuring, 
evaluating,  directing,  and  replanning  the  management  of  the  technical  program.  If  a  prime 
contract  is  in  force,  the  design  engineering  and  production  engineering  directly  related  to  the 
products  or  services  of  a  deliverable  end  item  are  the  responsibility  of  the  prime  contractor. 

The  systems  engineering  process  is  a  structured,  disciplined,  and  documented  technical  effort 
through  which  systems  products  and  processes  are  simultaneously  defined  and  developed.  The 
systems  engineering  team  is  responsible  for  the  technical  and  management  efforts  of  directing 
and  controlling  an  integrated  engineering  effort  on  a  system  or  program. 

Systems  engineering  involves  design  and  management  of  the  entire  system,  including  hardware 
and  software  as  well  as  other  system  life-cycle  elements.  The  most  effective  way  to  implement 
systems  engineering  is  through  multidisciplinary  teamwork  as  part  of  an  overall  integrated 
product  and  process  development  effort.  As  a  functional  discipline,  survivability  plays  a  major 
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role  in  systems  engineering  in  support  of  engineering  (design  and  development),  analysis 
(systems  as  well  as  independent),  T&E  (DT&E,  OT&E  and  LFT&E),  M&S  (development  and 
W&A),  and  associated  program-level  documents  (MNS,  ORD,  SEMP,  TEMP,  etc.). 

From  a  systems  engineering  standpoint,  the  survivability  engineer  (SIPT  Lead)  becomes  a 
primary  participant  in  design  synthesis  and  verification  for  survivability.  Design  synthesis  and 
verification  activities  translate  survivability  functional  and  performance  requirements  into  design 
solutions  that  include  people,  product  and  process  alternative  concepts  and  solutions,  and  internal 
and  external  interfaces.  These  design  solutions  need  to  be  in  sufficient  detail  to  verify  that 
requirements  have  been  met.  The  verification  process  addresses  the  design  tools,  products,  and 
processes,  with  verification  of  the  design  including  a  cost-effective  combination  of  design 
analysis,  design  modeling  and  simulation,  and  demonstration  and  testing. 

Throughout  the  system  design  and  development,  many  different  alternatives  (or  concepts) 
require  evaluation  and  trades.  The  process  of  investigating  and  evaluating  these  alternatives 
constitutes  an  ongoing  analytical  effort,  which  is  inherent  within  the  systems  engineering 
process.  To  accomplish  this  activity  in  an  effective  manner,  the  engineer  and/or  analyst  relies  on 
the  use  of  analytical  techniques  and  tools  to  make  early  trade  studies  and  to  facilitate  the 
quantitative  system  analysis  process  delineated  below: 

•  Define  the  problem. 

•  Identify  analysis  requirements. 

•  Select  evaluation  criteria. 

•  Establish  models  and  simulation  requirements. 

•  Acquire  necessary  models  and  simulations. 

•  Generate  input  data. 

•  Perform  analysis. 

Systems  Engineering  References  and  Definitions 

Since  an  industrial  standard  does  not  yet  exist,  it  is  pertinent  to  stay  abreast  of  the  organizations 
and  activities  that  address  the  topic  of  systems  engineering.  Two  organizations  and  their  systems- 
engineering  training  materials,  discussed  below,  are  of  special  interest  and  should  be  used  for 
reference. 

The  Defense  Systems  Management  College  (DSMC)  Press  published  its  supplementary  text, 
Systems  Engineering  Fundamentals ,  in  October  1999.  This  book  provides  a  basic,  conceptual- 
level  description  of  engineering  management  disciplines  that  relate  to  the  development  and  life 
cycle  management  of  a  system.  For  the  nonengineer,  the  book  provides  an  overview  of  how  a 
system  is  developed.  For  the  engineer  and  project  manager,  it  provides  a  basic  framework  for 
planning  and  assessing  system  development. 

Information  in  the  book  is  from  various  sources,  but  a  good  portion  is  taken  from  lecture  material 
developed  for  the  two  Systems  Planning,  Research,  Development,  and  Engineering  courses 
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offered  by  Defense  Acquisition  University.  This  text  supplements  course  material  at  DSMC  and 
is  the  first  guidance  issued  on  the  topic  of  systems  engineering  since  the  Systems  Engineering 
Management  Guide  was  published  in  1990. 

DSMC  has  also  suggested  the  use  of  the  International  Council  on  Systems  Engineering 
(INCOSE)  SE  “How-To”  Handbook,  which  offers  the  following:  “Systems  Engineering  is  an 
interdisciplinary  approach  and  means  to  enable  the  realization  of  successful  systems.  It  focuses 
on  defining  customer  needs  and  required  functionality  early  in  the  development  cycle, 
documenting  requirements,  then  proceeding  with  design  synthesis  and  system  validation  while 
considering  the  complete  problem.  This  includes  operations,  performance,  testing, 
manufacturing,  cost  &  schedule,  training  and  support,  and  disposal.” 

Three  commonly  used  definitions  of  systems  engineering  are  provided  by  the  best-known 
technical  standards  that  apply  to  this  subject.  These  definitions  have  a  common  theme: 

•  “A  logical  sequence  of  activities  and  decisions  transforming  an  operational  need  into  a 
description  of  system  performance  parameters  and  a  preferred  system  configuration.” 
(MIL-STD-499A,  Engineering  Management,  1  May  1 974.  Now  canceled.) 

•  “An  interdisciplinary  approach  encompassing  the  entire  technical  effort,  to  evolve  into 
and  verify  an  integrated  and  life  cycle  balanced  set  of  system  people,  products,  and 
process  solutions  that  satisfy  customer  needs.”  (EIA  Standard  IS-632,  Systems 
Engineering,  December  1994.) 

•  “An  interdisciplinary,  collaborative  approach  to  derive,  evolve,  and  verify  a  life  cycle 
balanced  system  solution  which  satisfies  customer  expectations  and  meets  public 
acceptability.”  (IEEE  PI 220,  Standard  for  Application  and  Management  of  the  Systems 
Engineering  Process,  [Final  Draft],  26  September  1994.) 

In  summary,  systems  engineering  is  an  interdisciplinary  engineering  management  process  to 
evolve  and  verify  an  integrated,  life-cycle  balanced  set  of  system  solutions  that  satisfy  customer 
needs. 
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2.0  SYSTEM  DESIGN  AND  DEVELOPMENT  PROCESS 


The  survivability  system  design  and  development  process  follows  from  a  set  of  stated 
survivability  requirements  for  a  system  and  evolves  through  (1)  conceptual  design  (the 
establishment  of  performance  parameters,  operational  requirements,  and  support  policies),  (2) 
preliminary  systems  design,  and  (3)  detailed  design.  This  process  generally  begins  with  a 
visualization  of  what  is  required  and  extends  through  the  development,  test,  and  evaluation  of  an 
engineering  or  prototype  model  of  the  system.  The  output  constitutes  a  configuration  that  can  be 
directly  produced  or  constructed. 

Design  Considerations 

Chief  among  the  many  considerations  that  influence  system  design  are  the  following: 

•  Cost 

•  Manufacturing/production 

•  Quality 

•  Open  systems  design 

•  Survivability 

•  Logistics/supportability 

•  Reliability,  maintainability 

•  Availability 

•  Environment  and  safety 

•  Human  systems  integration 

•  Interoperability 

From  the  design  engineer’s  perspective,  the  top-level  work  breakdown  structure  (WBS)  for  a 
system  needs  to  take  the  following  into  consideration: 

•  Design  engineering 

•  Hardware 

•  Firmware 

•  Software 

•  Safety 

•  Cost 

•  LCC 

•  Cost  as  an  independent  variable  (CAIV) 

•  Standardization  and  commonality 

•  T&E 

•  Test  supportability  ■' 
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•  Test  design  and  planning 

•  Specialty  requirements 

•  Environmental  compatibility 

•  Survivability 

•  Reliability 

•  Availability 

•  Human  factors 

•  Maintainability 

•  Production 

•  Industrial  base 

•  Producibility 

•  Assurance  and  control 

The  survivability  engineer  applies  the  design  process  in  concert  with  the  systems  engineer.  This 
team  pursues  the  following  steps  in  the  design  process: 

•  Perform  trade  studies. 

•  Perform  system  and  item  analyses  of  the  candidate  design. 

•  Establish  design  criteria. 

•  Make  detailed  decisions  that  transform  requirements,  resources,  and  constraints 
into  design. 

The  survivability  engineer  serves  as  the  advocate  for  the  survivability  design,  considering  which 
of  the  feasible  design  alternatives  would  be  best.  The  pertinent  IPT  functions  are  summarized  as 
follows: 

•  Identify  the  Operational  Requirements  Document  (ORD)  survivability  constraints 
and  define  the  resulting  survivability  requirements  (relative  to  each  associated 
element)  for  each  proposed  design  alternative  (while  the  alternative  exists  only  on 
paper).  This  difficult  function  requires  analytical/engineering  skills  and  the  ability  to 
communicate  in  the  language  of  the  design  engineer. 

•  Advocate  the  selection  of  the  most  easily  supported  design  alternative.  This  function 
involves  communicating  the  survivability  implications  of  each  design  alternative  to 
the  other  members  of  the  IPT. 

•  Influence  the  emergence  of  this  design  to  help  create  cost-effective/supportable 
detailed  design  decisions. 

•  Refine  the  survivability  requirements  (relative  to  each  element)  to  reflect  the 
particulars  of  the  emerging  design.  This  function  involves  ensuring  that  the 
survivability  requirements  are  defined  to  the  same  depth  and  at  the  same  pace  as  the 
emerging  design. 
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•  Plan  and  conduct  T&E,  based  on  this  real-time  definition.  This  function  involves 
planning  survivability  for  the  product  or  system  during  developmental/engineering 
tests  and  all  early  field/operational  tests.  Successful  tests  will  validate  the  workability 
of  the  planned  survivability  designs. 

•  Acquire  all  necessary  items  of  support  for  each  survivability  design.  This  function 
involves  ensuring  that  the  system  definition  and  procurement  include  the  system, 
product,  or  service,  as  well  as  all  requisite  items  of  support  for  each  survivability 
element.  Producing  the  system  and  its  support  items  (in  quantity)  is  a  necessary 
follow-up  task.  The  common  interest  of  the  manufacturing  and  logistics  communities 
is  in  producing  a  quality  product  that  conforms  to  the  design  through  the  reduction  of 
variability  in  the  manufactured  design.  Reduction  of  variability  leads  to  products  that 
perform  better  during  the  operational  phase  and  require  less  maintenance  because 
they  break  down  less.  Thus  the  manufacturing  and  logistics  communities  have  a 
strong  common  area  of  interest  with  the  design  engineer. 

•  Provide  the  system  to  the  customers  in  the  right  place,  at  the  right  time,  and  in  the 
right  quantities.  Accomplishment  of  this  function  requires  the  execution  of  a  good 
engineering  plan. 

•  Improve  the  system  through  the  inevitable  change  or  modification  process.  This 
function  is  also  important. 

These  functions  represent  the  core  activities  of  a  survivability  member  of  an  IPT.  Note  that  the 
execution  of  a  modification  program  after  the  system  has  been  produced  requires  each  affected 
engineering  function  to  be  repeated.  Thus  acquisition  survivability  engineering  (in  a  world  of 
rapidly  changing  technology)  never  really  goes  away. 

Acquisition  Elements  for 
Survivability  Engineering 

From  a  survivability  engineering  standpoint,  the  following  acquisition  elements  are  primary  to 
the  engineer: 

•  Concept  Development  and  Requirements  Analysis.  Survivability  engineering  activities 
required  under  this  element  involve  abstract  or  concept  survivability  designs  that  become 
subject  to  studies  and  analysis,  requirements  definition,  preliminary  planning,  and  evaluation 
of  alternative  technical  approaches  and  associated  costs  for  the  development  or  enhancement 
of  high-level  general  performance  specifications  of  a  system,  project,  mission,  or  activity. 
Typical  associated  tasks  include,  but  are  not  limited  to,  survivability  requirements  analysis, 
cost-performance  trade  studies,  feasibility  analysis,  regulatory  compliance  support,  and 
technology  conceptual  designs. 

•  System  Design,  Engineering,  and  Integration.  Survivability  engineering  involves 
translating  a  system  (or  subsystem,  program,  project,  qr  activity)  survivability  concept  into  a 
preliminary  and  detailed  design  (including  engineering  plans  and  specifications);  performing 
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risk  identification,  analysis,  and  mitigation;  ensuring  traceability;  and  then  integrating  the 
various  components  to  produce  a  survivable,  working  prototype  or  model  of  the  system. 
Typical  associated  survivability  tasks  include,  but  are  not  limited  to,  computer-aided  design, 
design  studies  and  analysis,  research  and  development,  high-level  detailed  specification 
preparation,  configuration  management  and  document  control,  fabrication,  assembly,  and 
modeling  and  simulation. 

•  Test  and  Evaluation.  This  element  involves  the  application  of  various  techniques 
demonstrating  that  a  prototype  system  (subsystem,  program,  project,  or  activity)  performs  in 
accordance  with  the  survivability  objectives  outlined  in  the  original  design.  Typical  associated 
tasks  include,  but  are  not  limited  to,  prototype  and  first-article(s)  testing,  environmental 
testing,  independent  verification  and  validation,  reverse  engineering,  modeling  and  simulation 
(to  test  the  feasibility  of  a  concept),  system  safety,  quality  assurance,  education/training,  and 
physical  testing  of  the  product  or  system  in  developmental,  operational,  and  live-fire  T&E. 

Milestone  A  and  Concept  and 
Technology  Development  Phase 

One  path  into  systems  acquisition  begins  with  examining  alternative  concepts  to  meet  a  stated 
mission  need.  This  path  begins  with  a  decision  to  enter  the  concept  and  technology  development 
phase  at  Milestone  A.  The  phase  ends  with  a  selection  of  a  system  architecture  and  the 
completion  of  entrance  criteria  into  Milestone  B  and  the  system  development  and  demonstration 
phase. 

Concept  development  and  requirements  analysis  begin  in  the  concept  and  technology 
development  phase,  which  typically  consists  of  competitive,  parallel,  short-term  concept  studies. 
These  efforts  focus  on  defining  and  evaluating  the  feasibility  of  alternative  survivability 
concepts,  as  well  as  providing  a  basis  for  assessing  the  relative  merits  (i.e.  advantages  and 
disadvantages,  degree  of  risk)  of  these  concepts  at  the  next  milestone  decision  point.  Analysis  of 
alternatives  is  used  as  appropriate  to  help  in  comparisons  of  alternative  concepts.  The  most 
promising  system  concepts  are  defined  in  terms  of  initial  broad  objectives  for  cost,  schedule, 
performance,  software  requirements,  opportunities  for  trades,  overall  acquisition  strategy,  and 
T&E  strategy. 

System  Development  and  Demonstration  Phase 

As  one  or  more  concepts,  design  approaches,  and/or  parallel  technologies  are  pursued  as 
warranted,  the  program  takes  on  definition.  Assessments  of  the  advantages  and  disadvantages  of 
alternative  survivability  concepts  are  refined.  Prototypes,  demonstrations,  and  early  operational 
assessments  are  considered  and  included  as  necessary  to  reduce  risk  so  that  technology, 
manufacturing,  and  support  risks  are  well  in  hand  before  the  next  decision  point.  Cost  drivers, 
life-cycle  cost  estimates,  cost-performance  trades,  interoperability,  and  acquisition  strategy 
alternatives  are  considered,  with  evolutionary  and  incremental  software  development  an  essential 
part  of  each  consideration.  The  survivability  engineer  concentrates  on  design  approaches. 
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The  primary  objectives  in  the  system  development  and  demonstration  phase  are  to  translate  the 
most  promising  survivability  design  approach  into  a  stable,  interoperable,  producible, 
supportable,  and  cost-effective  design;  validate  the  manufacturing  or  production  process;  and 
demonstrate  system  capabilities  through  testing. 

A  favorable  Milestone  C  decision  authorizes  the  PM  to  commence  only  low-rate  initial 
production  (LRIP).  The  PM  is  authorized  to  commence  full-rate  production  only  with  further 
approval  of  the  Milestone  Decision  Authority  (MDA). 

Normally  no  more  than  one  decision  (i.e.,  either  low-rate  or  full-rate  initial  production)  is  made 
at  the  Defense  Acquisition  Executive  (DAE)  level  for  major  defense  acquisition  programs.  LRIP 
occurs  during  the  Production  and  Deployment  phase  as  test  results  and  design  fixes  or  upgrades 
are  being  incorporated. 

The  survivability  engineer’s  role  in  this  phase  involves  a  variety  of  functions  that  depend  on  the 
type  of  system  and  the  extent  of  new  development  necessary.  Any  or  all  of  the  following  may  be 
considered  in  addressing  survivability  enhancement: 

•  Accomplish  functional  analyses  and  allocations  to  identify  the  major  operational  and 
maintenance  support  functions  that  the  system  is  to  perform. 

•  Establish  criteria  (qualitative  and  quantitative  technical  parameters,  bounds,  and 
constraints)  for  system  design. 

•  Evaluate  alternative  design  approaches  (concepts)  by  conducting  system/cost 
effectiveness  analyses  and  trade  studies. 

•  Prepare  system  development,  process,  and  material  specifications. 

•  Select  components  for  the  system  and  recommend  supplier  sources. 

•  Assist  the  purchasing  and  contracting  functions  in  the  preparation  of  contractual 
documentation. 

•  Prepare  functional  design  layouts,  engineering  drawings,  parts  and  materials  lists,  etc., 
with  the  objective  of  thoroughly  defining  the  product  or  process  through  documentation. 

•  Assess  the  design  through  predictions,  analyses,  and  performance  of  periodic  design 
reviews.  This  assessment  is  basically  accomplished  through  a  review  of  the  engineering 
documentation. 

•  Develop  breadboards,  engineering  models,  and  prototypes  for  system  T&E  purposes. 

•  Develop  system  software  (computer  programs),  associated  databases,  and  related 
documentation  required  to  define,  design,  test,  produce,  operate,  and  maintain  the  system. 

•  Perform  design  modifications  as  necessary  to  correct  deficiencies  and/or  improve  the 
system  design. 
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Survivability  enhancement  requirements  for  a  system  may  be  specified  for  all  or  some  of  the 
following  categories,  as  applicable: 

•  Detection  avoidance,  including 

-  Radar  cross-section 

-  IR  signature 

-  Aural  signature 

-  Visual  signature 

-  Engine  smoke 

•  Threat  avoidance,  including 

-  Radar  warning 

-  IR  sensing 

-  Directed-energy  threat  warning 

-  Chemical-biological  threat  warning 

-  Electronic  countermeasures 

-  Expendables 

-  Decoys 

-  Mission  planning  systems 

•  Threat  suppression,  including 

-  Countermeasures 

-  Lethal  defense 

-  Counter-countermeasures 

•  Damage  tolerance  (subsystem  protection  levels)  for 

-  Armor-piercing  projectiles 

-  Incendiary  projectiles 

-  High-velocity  fragments 

-  Blast  overpressure 

-  Other  threats  (e.g.,  laser,  biological,  chemical,  high-power  microwave) 

•  Multiple  exposures  (cumulative  effects) 

•  Synergistic  effects 

•  Target  threat  orientation  (attack  aspects) 

•  Verification 

•  Hardware  assurance 
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In  many  cases  the  procurement  agency  may  not  specify  firm  numerical  values  for  many  of  the 
elements  listed  above.  Instead,  the  developer  may  be  required  to  perform  survivability 
enhancement  trade  studies  to  establish  costs/penalties  and  MOEs  for  a  variety  of  survival 
enhancement  techniques.  The  methodology  for  these  studies  must  be  provided  or  approved  by 
the  procuring  agency. 

The  results  of  these  studies  are  intended  to  provide  the  optimum  design-to  criteria  guidance,  as 
well  as  detailed  guidance  on  the  content  and  conduct  of  these  trade  studies. 
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3.0  SURVIVABILITY  ENHANCEMENT  TECHNIQUES 

This  section  contains  a  discussion  of  basic  survivability  enhancement  techniques  as  they  are 
applied  during  the  following  phases: 

•  Concept  and  Technology  Development  Phase.  In  studies,  prototype  programs,  RFPs,  RFIs, 
or  other  pre-full  scale  development  effort,  the  guidelines  of  this  section  are  intended  to 
generate  proposed  solutions  to  survivability  performance  requirements,  provide  realistic 
signature-level  requirements,  and  quantify  performance  cost  and  schedule  allowances  that 
must  be  made.  Design  studies  are  required. 

•  System  Development  and  Demonstration  Phase.  During  the  system  development  and 
demonstration  phase,  insofar  as  possible,  hard  performance  requirements  and  specific 
signature  levels  should  be  specified,  along  with  requirements  that  these  measures  be  met 
within  contractual  limits  for  cost,  performance,  and  schedule.  If  it  becomes  necessary  to  enter 
the  system  development  and  demonstration  phase  without  sufficient  information  to  specify 
hard  requirements,  the  Contract  Data  Requirements  List  (CDRL)  should  specify  Design 
Studies  to  allow  development  of  solutions  to  survivability  performance  requirements  and 
definition  of  the  associated  performance  cost  and  schedule  penalties.  (This  qualifier  may  be 
applicable  for  aerospace  system  programs  begun  before  publication  of  this  section  or  for 
major  rework,  conversion,  or  programs  to  extend  service  life). 

Reduction  of  Detection 

Levels  of  radar  reflection;  IR,  visual,  and  electromagnetic  emission  and  reflection;  and  aural 
noise  should  be  in  accordance  with  the  aerospace  system  performance  specification.  If  no  levels 
are  specified,  the  contractor  should  conduct  survivability  enhancement  trade  studies  and  cost 
effectiveness  analyses  for  each  applicable  threat-detectable  signature  combination  defined  in  the 
mission  threat  analysis.  In  the  survivability  plan  or  supplement  thereto,  the  contractor  should 
recommend  appropriate  signature  levels,  based  on  effectiveness  that  can  be  achieved  versus 
associated  cost  and  penalties.  These  recommended  levels  should  be  supported  by  analysis  and 
test.  Once  approved,  the  recommended  levels  should  become  binding  system  specification 
requirements. 

Radar  Cross-Section  Reduction.  The  radar  cross  section  (RCS)  of  the  aerospace  system, 
including  the  mission  stores,  should  be  reduced  to  the  levels  required  to  achieve  the  jamming-to- 
signal  (J/S)  ratio  specified  for  each  aspect  angle-threat  frequency  combination  called  out  in  the 
aerospace  system  performance  specification  and  the  approved  survivability  plan.  Areas  which 
should  be  given  special  consideration  include  engine  inlet  ducts  and  engine  front  faces,  engine 
exhausts,  inherent  structural  comer  reflectors,  cavities  (crew  compartment,  radomes,  antenna  and 
antenna  apertures,  radar-visible  internal  bulkheads,  etc.),  and  external  or  semi-submerged  stores. 
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Infrared  Signature  Reduction.  The  contractor  should  design  to  the  IR  emission  requirements 
specified  in  the  aerospace  system  performance  specification  or  the  survivability  plan.  Aerospace 
system  areas  to  be  given  special  attention  are  exposed  engine  hot  sections,  heated  surfaces, 
engine  exhaust,  exhaust  plume,  aerospace  system  IR  reflections  from  transparencies  and  metallic 
or  IR  reflective  surfaces,  and  internal  and  external  illumination  devices. 

Visual  Signature  Reduction.  The  contractor  should  design  to  the  aerospace  system  visibility 
requirements  specified  in  the  aerospace  system  performance  specification  and  the  survivability 
plan,  by  reducing  the  contrast  of  the  aerospace  system  with  its  background  (both  sky  and 
surface),  reducing  the  reflection  of  light,  and  reducing  smoke  or  contrail  emissions. 

Aural  Signature  Reduction.  The  contractor  should  reduce  or  eliminate  noise  signature  from 
propulsion  and  aerodynamic  surfaces  to  the  extent  practicable  and  as  specified  in  the 
survivability  plan. 

Electromagnetic  Emission  Reduction.  Inadvertent  electromagnetic  emissions  that  can  be 
detected  by  surveillance  devices  to  locate  the  aerospace  system  should  be  eliminated  or  reduced 
so  that  no  emitter  in  the  standby  mode  of  operation  and  no  other  equipment  in  full  operation  will 
emit  radiation  that  exceeds  the  level  specified  in  the  aerospace  system  performance  specification 
and  the  survivability  plan. 

Survivability  Aids 

The  survivability  of  the  aerospace  system  should  be  enhanced  through  the  use  of  electronic 
warfare  countermeasures  and  electronic  warfare  counter-countermeasures  as  required  by  the 
performance  specifications  for  the  aerospace  and  avionics  systems.  Selection  of,  and 
specification  for,  survivability  aids  should  be  based  on  survivability  enhancement  trade  studies. 
The  trade  studies  should  consider  all  aspects  of  susceptibility  reduction  for  specified  threat 
weapons.  The  contractor  should  determine  the  J/S  levels  required  to  permit  effective  operation  in 
the  threat  environment. 

Damage  Tolerance 

For  aerospace  systems  whose  missions  involve  exposure  to  non-nuclear  threats,  protection  of  the 
system  should  be  provided  to  the  extent  required  by  the  aerospace  system  performance 
specification.  Where  no  specific  levels  of  protection  are  levied,  the  contractor  should  provide, 
upon  approval  by  the  government,  the  most  effective  combination  of  survivability  enhancement 
features  determined  by  the  aerospace-system  survivability  assessment  and  system  cost 
effectiveness  analyses  described  in  Volume  10.  , 

Design  Configuration 

The  general  design  configuration  of  the  aerospace  system  should  be  arranged  to  obtain  the 
highest  level  of  protection  practicable  for  the  least  penalties.  Design  considerations  should 
include  such  matters  as  redundancy  and  separation  of  System  components,  lines,  and  structures; 


18 


JTCG/AS  Aerospace  Systems  Survivability  Handbook  Series 

Volume  4.  Survivability  Engineering  Survivability  Enhancement  Techniques 


natural  masking  of  essential  components;  location  of  fuel  cells  in  relation  to  engine  inlets  so  as  to 
minimize  ingestion  of  fuel  leakage;  elimination  of  fire  paths  that  jeopardize  controls;  integral 
armor;  and  isolation  of  hazardous  elements  such  as  armament,  oxygen  containers,  and  flammable 
fluids  from  sensitive  or  susceptible  areas.  Revisions  should  be  incorporated  to  prevent  or 
suppress  hazardous  fires  in  the  isolation  where  they  start  (engine  nacelle,  fuel  tank,  dry  bay,  etc.) 
to  decrease  the  possibility  of  aerospace  system  kill  caused  by  fire.  The  flying  qualities  for  safe 
flight  after  sustaining  the  specified  hostile  weapon  effects  should  meet  minimum  levels  specified 
in  the  performance  specification. 

Structure.  The  aerospace  system  structure  should  be  of  a  fail-safe  design  achieved  through  the 
use  of  multiple  load  paths  and  crack  stoppers  to  reduce  the  probability  of  catastrophic  structural 
failure  due  to  battle  damage  with  the  aircraft  in  full-g  maneuvering  flight.  No  flight-critical 
structural  components  or  load  paths  should  be  vulnerable  to  a  single  detonation,  impact,  or  other 
damage  mechanism  of  threat  specified  in  the  implementing  documentation  that  would  preclude  a 
safe  return  and  landing  (arrested  landing  in  the  case  of  aircraft  equipped  with  an  arresting  hook). 
Additional  requirements  may  be  listed  under  Damage  Tolerance  or  Crashworthiness  in  the 
performance  specification. 

Crew  Station.  Protection  should  be  provided  for  the  aircrew  as  required  by  the  aircraft 
performance  specification  or  as  determined  by  the  government-approved,  contractor-conducted 
aircraft  vulnerability  analysis,  as  discussed  in  Volume  7.  When  ballistic  protection  is  required,  it 
should  be  for  the  V05  ballistic  limit.  The  crew  station  design  should  minimize  both  the 
generation  of  hazardous  spallation  within  the  crew  area  and  the  probability  of  simultaneous 
incapacitation  of  more  than  one  pilot  (in  a  multipilot  aircraft)  because  of  a  fragmenting  round. 

Fuel  System.  The  fuel  system  should  be  designed  to  withstand  the  specific  threats  identified  in 
the  aerospace  system  performance  specification  and  in  the  implementing  documentation  and  to 
provide  a  specified  quantity  of  protected  “get-home”  fuel.  Fire  and  explosion  suppression 
techniques  should  be  employed  throughout  the  fuel  system.  Such  suppression  techniques  should 
include  location  of  fuel  tankage  and  lines  away  from  ignition  sources  and  employment  of 
predictable  nonhazardous  fuel  leakage  paths  following  impact  by  the  specified  threats.  For 
carrier-based  aircraft,  the  fuel  systems  should  be  designed  to  contain  the  fuel  with  the  aircraft 
engulfed  in  a  fire  for  the  time  specified  in  the  aircraft  performance  specification.  Hydraulic  ram 
protection  should  meet  the  specified  requirements  and  should  be  designed  to  prevent  the  creation 
of  hazardous  secondary  damage  mechanisms  such  as  fuel  ingestion  by  the  engine. 

Propulsion  System.  The  engine  installation  should  be  designed  for  protection  from  the  weapon 
effects  required  by  the  aerospace  system  performance  specification  and  by  the  implementing 
documentation  of  this  section.  Where  multiple  engines  are  employed,  design  techniques  should 
be  used  to  prevent  the  combat  damage  response  of  one  engine  from  propagating  to  another 
engine,  causing  its  failure  or  degradation.  Fire  detection  and  extinguishing  should  be  provided  in 
multiple  engine  propulsion  systems  and  should  be  considered  in  single  engine  systems. 
Responsibility  for  engine  vulnerability  reduction  and  survivability  enhancement  of  the  installed 
engine  is  vested  in  the  airframe  contractor. 
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Power-Train  System.  Power-rain  systems,  such  as  those  employed  by  V/STOL  or  turboprop 
aircraft,  should  be  designed  to  be  damage  tolerant  against  the  level  of  threats  required  by  the 
mission  specified  in  the  performance  specification,  the  operational  requirements,  and 
implementing  documentation.  Redundancy,  reserve  capacity,  damage  tolerance,  and  ballistically 
protected  elements  should  be  evaluated  as  methods  to  obtain  the  specified  or  established 
protection  levels.  Design  techniques  to  delay  failure  upon  loss  of  lubrication  should  be  used  for 
essential  power  train  elements.  Rotating  shafts  and  blade  assemblies  should  be  ballistically 
tolerant  to  the  threats  specified  in  the  implementing  documentation  of  this  section  and  should  not 
be  the  source  of  secondary  damage  mechanisms  for  other  critical  components. 

Flight-Control  System.  The  primary  flight-control  system  should  be  designed  to  minimize 
failure  or  malfunction  from  the  non-nuclear  weapon  effects  specified  in  the  implementing 
documentation  of  this  section.  No  single  hit  by  the  specified  threat,  on  the  flight  control 
subsystem  should  kill  the  aerospace  system.  The  design  of  the  flight  control  subsystem  should  be 
such  that,  if  the  actuating  elements  of  the  control  surfaces  fail,  they  return  the  control  surfaces  to 
a  position  to  maintain  level  flight.  The  design  of  the  flight  control  subsystem  should  be  such  that: 

•  Failure  of  the  primary  system  does  not  result  in  a  jammed  system.  For  ship-based  aircraft, 
control  functions  necessary  for  safe  recovery  of  the  aircraft  aboard  the  ship  should  be  as 
specified  in  the  aircraft  performance  specification. 

•  Secondary  controls  such  as  slats,  flaps,  speed  brakes,  etc.,  are  designed  so  that  their  response 
to  weapon  effects  will  not  result  in  hazardous  flight  and  recovery  operations. 

•  Applicable  techniques  such  as  redundancy,  separation,  miniaturization,  exploitation  of 
inherent  shielding,  damage-tolerant  and  damage-resistant  components,  ballistic  armor,  fly¬ 
by-wire  devices,  emergency  backup  subsystems,  and  integrated  power  packages  should  be 
evaluated  as  methods  to  achieve  the  desired  protection  levels.  Routing  and  separation  should 
be  such  that: 

-  Maximum  protection  against  hostile  threats  is  afforded  by  the  aerospace  system  engines, 
structure,  or  other  subsystems. 

-  Points  where  a  single  hit  from  a  specified  threat  will  result  in  loss  of  more  than  one 
control  axis,  or  result  in  an  uncontrollable  aerospace  system,  are  eliminated. 

-  Damage  resulting  from  multiple  fragment  hits  is  minimized. 

Fluid  Power  System.  Protection  for  the  fluid  power  systems  (hydraulic  and/or  pneumatic) 
should  be  provided  to  the  extent  required  by  the  aerospace  system  performance  specification. 

The  following  survivability  design  techniques  should  be  evaluated  to  achieve  the  required 
protection  levels: 

•  Less  flammable  hydraulic  fluids 

•  Hydraulic  circuit  monitoring  and  control 

•  Redundant  systems 

•  Shatterproof  components 
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•  Miniaturization 

•  Separation 

•  High-heat-tolerant  components  or  lines 

•  Component  manifolding  (the  combination  of  several  hydraulic  functions  in  a  single 
damage-resistant  package  with  concurrent  reductions  in  the  presented  area) 

Electrical  Power  System.  The  electrical  power  generation  and  distribution  system,  including 
emergency  backup  systems,  should  be  designed  to  survive  the  specified  non-nuclear  weapon 
effects.  Circuits  for  essential  functions,  including  active  countermeasures,  should  be  given 
priority  for  protection  and  should  not  fail  as  a  result  of  a  single  hit  by  the  specified  threat. 
Hazardous  circuits  should  be  isolated  from  potential  sources  of  short-circuit  actuation  or  failure 
from  primary  or  secondary  weapon  effects.  Multiple  or  cascading  failures  in  electrical  bus 
systems  should  be  avoided. 

Armament  System.  Armament  systems  should  be  designed  to  minimize  or  prevent  hazardous 
effects  from  hostile  weapons  on  the  aerospace  system,  as  specified  in  the  performance 
specification  and  in  the  implementing  documentation  of  this  section.  Provisions  should  be 
incorporated  to  delay  the  hazardous  response  of  the  aerospace  system’s  internal  and  external 
armament  loadings  when  subjected  to  fuel  fire,  such  as  from  JP-4,  JP-  5,  JP-8,  and  NATO  fuels. 

Environmental  Control  System.  The  environmental  control  system  should  be  designed  to 
minimize  the  effect  on  the  aircrew  and  essential  components  caused  by  hazardous  conditions 
from  the  specified  weapon  effects.  Such  conditions  include  explosive  decompression,  shattering 
of  liquid  oxygen  containers,  hot  gas  line  rupture,  etc.  Protection  should  be  provided  when  high- 
temperature  bleed  gases  or  engine  exhaust  fumes  are  routed  through  or  adjacent  to  compartments 
containing  combustibles  or  temperature-sensitive  structures. 

Launch/Recovery  System.  The  takeoff  and  landing  system  should  be  designed  to  allow 
recovery  of  the  aerospace  system  when  it  is  exposed  to  the  weapon  effects  specified  in  the 
aerospace  system’s  performance  specification  and  in  the  implementing  documentation  of  this 
section. 

Avionics  System.  The  installation  of  government-furnished  equipment  (GFE)  and  the  design  and 
installation  of  contractor-furnished  equipment  (CFE)  in  electronic  and  weapon-delivery  systems 
should  include  methods  to  minimize  equipment  failure  or  malfunction  from  the  weapon  effects 
specified  in  the  aerospace  system  performance  specification  and  in  the  implementing 
documentation  of  this  section.  Such  considerations  should  be  primary  design  factors  in  the 
installation  of  any  such  equipment  for  aerospace  system  application.  Provisions  to  delay  failure 
from  loss  of  normal  environmental  conditions  should  be  included  so  that  operations  can  be 
performed  in  degraded  modes.  The  following  features  should  be  included: 

•  The  avionics  system  (including  interconnecting  wiring)  should  incorporate  design  features 
that  minimize,  within  the  limits  of  practicality,  the  loss  of  mission-essential  functions 
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because  of  a  single  hit  from  a  specified  threat.  Avionics  components  supporting  nonessential 
functions  may  be  used  to  provide  shielding  for  components  supporting  essential  functions. 

•  Special  attention  should  be  given  to  reduction  of  the  vulnerability  of  avionics  components 
employed  in  flight-  or  mission-essential  functions.  These  essential  components  include 
electronic  flight  control  system  components,  engine  and  inlet  controls,  and  any  other 
components  in  which  electronic  or  fiber-optic  technology  has  been  substituted  for 
mechanical,  electromechanical,  or  hydraulic  power  and  control.  The  assessment  and  design 
should  also  consider  the  degradation  in  survivability  that  can  result  from  the  loss  of 
countermeasures,  navigation,  fire-control,  target  acquisition,  or  communication  capabilities. 

•  The  aerospace  system  should  not  be  vulnerable  to  mission  kill  from  non-nuclear 
electromagnetic  pulses. 

Laser  Vulnerability  Reduction 

When  laser  weapons  are  included  among  the  specified  threats,  the  contractor  should  design  the 
aerospace  system  to  withstand  the  specified  levels  of  laser  radiation.  Techniques  for  laser 
vulnerability  reduction  often  follow  the  same  guidelines  as  for  ballistic  vulnerability  reduction, 
such  as  providing  redundancy,  separation,  and  bumthrough  tolerance.  These  techniques  should 
be  supplemented  with  techniques  to  reflect  or  block  the  laser  energy,  where  required,  for  crew 
and  airframe  survivability.  Structural  tolerance  to  low-level  heating  should  be  incorporated  as 
specified  in  the  implementing  documentation. 
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4.0  SURVIVABILITY  VERIFICATION 
AND  DEMONSTRATION 


Susceptibility  Verification  and  Demonstration 

Tests  and  analyses  are  required  to  determine  aerospace  system  susceptibility  to  threat  systems 
and  to  verify  the  performance  of  reduced  signatures,  threat  warning  systems,  and 
countermeasures. 


The  goal  of  T&E  is  finding  and  correcting  problems  early.  In  general,  maximizing  the  use  of 
digital  pilot-in-the-loop  M&S  and  in-flight  simulation  and  ground  testing  (in  SILs,  HITL 
facilities,  and  ISTFs)  prior  to  and  during  flight  tests  reduces  overall  test  costs,  since  open 
environment  flight  tests  are  the  most  costly  portion  per  capita  of  the  T&E  resource  categories. 
The  relationship  of  cost  to  each  type  of  test  is  shown  in  Figure  2. 


Relative- 

Cost 


Figure  2.  Relative  Costs,  T&E  Resource  Utilization 


Digital  models  and  computer  simulations  are  used  to  represent  systems,  host  platforms,  other 
friendly  players,  the  combat  environment,  and  threat  systems.  Such  threat  simulations  and 
missile  flyout  models  can  be  used  to  help  design  and  define  EW  systems  and  testing.  Because  of 
the  relatively  low  cost  of  exercising  these  models,  this  type  of  activity  can  be  run  many  times  to 
check  what-ifs  and  explore  the  widest  possible  range  of  system  parameters  without  concern  for 
flight  safety.  These  models  may  run  interactively  in  real  or  simulated  time  and  space  domains, 
along  with  other  aspects  of  a  combat  environment,  to  support  the  entire  T&E  process. 
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Throughout  the  acquisition  process,  a  system  will  be  continuously  evaluated  to  ensure  that 
operational  effectiveness,  operational  suitability,  and  performance  requirements  can  be  met.  As 
each  candidate  system  evolves,  vulnerability/susceptibility  analyses  and  survivability 
assessments  are  conducted  to  evaluate  the  effectiveness  of  individual  survivability  design 
features. 

Vulnerability  Verification  and  Demonstration 

Tests  and  analyses  are  required  to  determine  aerospace-system  vulnerability  and  show  that  the 
various  aerospace  systems  will  meet  the  requirements.  The  purpose  of  this  program  is  to 
determine  system,  subsystem,  and  component  combat  sensitivity,  as  well  as  to  verify  the  design 
and  materials.  The  program  should  include  ballistic  firing,  controlled  damage  tests,  and  a 
vulnerability  reduction  demonstration.  The  tests  should  be  conducted  on  actual  or  simulated 
components  (of  the  same  material  and  design  as  the  actual  components),  and  on  complete 
subsystems  or  portions  thereof. 

Title  10  United  States  Code  Section  2366  mandates  LFT&E  for  all  covered  systems,  programs, 
or  covered  product  improvement  programs.  The  term  “covered  system”  means  a  system  that  the 
Director,  OT&E,  has  determined  to  be  a  major  system  within  the  meaning  of  that  term  in  id  USC 
2302(5)  that  is  one  of  the  following: 

•  User-occupied  and  designed  to  provide  some  degree  of  protection  to  the  system  or  its 
occupants  in  combat. 

•  A  conventional  munitions  program  or  missile  program. 

•  A  conventional  munitions  program  for  which  more  than  1,000,000  rounds  are  planned  for 
acquisition. 

•  A  modification  to  a  covered  system  that  is  likely  to  affect  significantly  the  survivability 
or  lethality  of  such  a  system. 

Vulnerability  reduction  substantiation,  verification,  and  demonstration  tests  should  be  integrated 
and  “piggybacked”  on  other  existing  endurance,  fatigue,  and  failure  types  of  test  programs  to  the 
fullest  extent  possible.  Below  is  a  brief  description  of  the  three  general  types  of  test  and  their 
procedures.  The  contractor  should  specify  proposed  tests  in  the  Survivability  Program  Plan. 

Gunfire  Tests.  For  gunfire  tests  the  following  brief  information  should  be  provided  for  each 
component: 

•  Component  identification 

•  Number  of  specimens 

•  Threat  caliber(s)  and  type(s) 

•  Type  of  structural  loading  during  impact,  if  any 

•  Type  of  structural  post-damage  test,  if  any 
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Ballistic  Firing  Tests.  Ballistic  tests  should  be  conducted  to  determine  the  extent  of  damage  to  a 
critical  component  by  an  impact  whether  or  not  armor  or  other  integral  shielding  is  present,  and 
the  resultant  component  or  specimen  failure  mode,  reaction,  and  secondary  effects.  The  “worse- 
case”  conditions  should  be  used  for  gunfire  tests,  with  the  following  considerations  taken  into 
account:  projectile  type,  projectile  orientation  (straight-in  versus  degree  of  tumble),  angle  of 
attack,  obliquity,  projectile  striking  velocity,  load  and  speed  characteristics,  and  the  most 
vulnerable  location.  Components  should  be  under  load  to  simulate  operation  during  ballistic 
impacts.  In  general,  post-damage  structural  tests  should  be  of  the  same  type  used  to  qualify  that 
component  (static,  fatigue,  or  operational  run).  Qualification  and  acceptance  tests  of  armor 
materials  should  be  of  the  V50  type.  Armor  installation  adequacy  should  also  be  determined. 

Controlled-Damage  Tests.  Controlled-damage  tests  simulate  the  secondary  effects  of  projectile 
damage.  Where  primary  damage  can  be  accurately  predicted  and  is  not  solely  responsible  for 
component  or  subsystem  failure,  tests  should  be  conducted  without  using  gunfire  to  initiate  the 
failure  sequence.  Typical  measures  collected  during  these  tests  are  for  oil  leakage  rate,  oil 
starvation,  fuel  leakage  and  drainage,  fire  detection  and  prevention,  adequate  or  redundant 
designs,  and  adequacy  of  hydraulic  subsystem  leakage  and  redundancy.  These  tests  should  be 
conducted  under  the  direction  of  cognizant  contractor  personnel  of  the  particular  functional  area. 
Whenever  possible  the  tests  should  be  “piggybacked”  on  other  endurance,  fatigue,  or  failure 
types  of  test  programs. 

Vulnerability  Demonstration 

A  vulnerability  demonstration  should  be  conducted  with  an  aerospace  system  to  assure  that  the 
design  concept,  configuration,  integration,  and  subsystem  designs  meet  the  system  specification 
requirements  for  the  ground  test  vehicle,  static  test  article,  or  other  production  representative  test 
article. 

The  program  should  include  ballistic  firing  tests  or  destructive  secondary-damage  tests, 
conducted  as  follows: 

•  Fire/explosion  prevention  plus  hydraulic  ram  effect  tests  involve  firing  threat 
projectiles  at  fuel  plumbing  and  tanks  or  other  structures  above  and  below  the  fuel  level 
under  typical  environmental  conditions. 

•  Crew  compartment  tests  involve  firing  threat  projectiles  to  determine  the  level  of 
ballistic,  spall,  and  debris  protection  for  the  pilot  and  co-pilot  with  all  shielding 
(including  armor)  and  hazardous  items  in  their  proper  place. 

•  Tests  of  support  systems’  control  systems  and  engines  involve  firing  threat  projectiles 
at  various  mechanical,  hydraulic,  and  electrical  system  areas  to  qualify  adequate 
separation  of  redundant  components  and  to  prevent  one  failed  component  from 
destroying  a  second  one. 

•  Structural  response  to  internal  blast  involves  firing  threat  projectiles  against  critical 
structural  areas. 
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Component  Selection 

Critical  components  for  testing  should  be  selected  based  on  the  vulnerability  analysis  and 
verification  tests.  Additional  components  and  subsystems,  which  can  best  be  tested  when  they 
are  installed,  should  be  included  to  determine  the  secondary  effects  such  as  jamming,  spall, 
redundancy,  separation,  shielding,  and  fire  or  explosion.  Other  conditions  to  be  tested  involve 
multiple  subsystems,  “kills”  by  a  single  projectile,  and  kills  of  one  subsystem  by  another  because 
of  the  two  subsystems’  close  proximity.  Some  items  and  subsystems  may  have  reactions  to 
ballistic  testing  that  will  produce  effects  not  otherwise  readily  determinable.  Representative 
aerospace-system  components,  for  example,  may  be  previously  tested  or  reject  items. 

The  following  is  a  list  of  subsystems  with  some  examples  of  typical  critical  components  that 
should  be  subjected,  where  applicable,  to  verification  tests: 

•  Fuel  Subsystem  —  fuel  cells,  fittings,  pumps,  sumps,  and  ullage  inerting  or  void  area- 
protection  systems. 

•  Control  Subsystem  —  rods,  bellcranks,  mixing  units,  combining  units,  actuators,  pitch 
change  links,  cables,  swashplates. 

•  Drive  Subsystem  —  Driveshafts,  hangar  bearing  assemblies,  main  transmission, 
gearboxes,  lubricant  sumps,  and  reservoirs. 

•  Support  Subsystems  —  hydraulic  actuators,  wire  bundles,  fluid  lines. 

•  Rotor  —  blades  and  hub  assemblies. 

•  Crew  Station  —  pilot  and  co-pilot  seat  armor,  instrument  panel  material,  canopy, 
windshield,  crew  separation  barrier. 

•  Structure  —  fuselage,  tailboom,  and  structural  attachment  fittings  for  transmissions, 
gearboxes,  and  vertical  stabilizer. 

•  Engine  Installation  —  mounts,  separation  structure,  controls. 

•  Ammunition  Feed  and  Storage  —  ammo  magazine,  ammo  conveyors,  missile  pods. 

Reports  on  Results 

In  each  of  the  test/verification  efforts  above,  the  contractor  should  document: 

•  The  methods  of  testing,  facilities  used,  and  test  instrumentation. 

•  The  criteria  for  establishing  failure  modes. 

•  The  procedures  for  comparing  test  data  with  analytical  data. 

Test  results  should  be  reported  in  periodic  progress  reports,  if  required  by  the  Contract  Data 
Requirements  List  (CDRL),  or  quarterly  if  no  other  progress  report  is  specified. 
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5.0  ADDITIONAL  CONSIDERATIONS 


Survivability  Enhancement  Trade  Studies 

The  developer  should  conduct  survivability  enhancement  trade  studies.  These  studies  should 
identify  the  effects  of  variations  in  each  significant  survivability  analysis  parameter  (e.g.,  threat, 
mission,  operational  utilization,  performance,  and  incorporation  of  survivability  enhancement 
techniques)  on  overall  combat  effectiveness,  cost,  and  schedule.  The  developer  should 
continuously  evaluate  trades  affecting  survivability  enhancement  and  should  take  appropriate 
design  or  design-change  action  to  ensure  optimum  aerospace  system  survivability  in  terms  of 
overall  combat  effectiveness,  cost,  and  schedule.  The  trade  study  should  contain  information  on 
the  following: 

•  Survivability  enhancement  techniques  considered. 

•  Vulnerability  reduction  realized  with  respect  to  specified  threats  and  kill  criteria. 

•  Susceptibility  reduction  with  respect  to  specified  threats. 

•  Impacts  on  weight,  performance,  cost,  reliability,  maintainability,  safety,  ease  of 
reparability,  producibility  schedule,  etc. 

•  Verification  test  requirements,  if  needed  to  verify  improvement  in  survivability. 

•  Recommendations  and  alternatives  regarding  optimum  design  and  configuration. 

•  Details  on  installation  and  removal  if  “kit  form”  techniques  are  recommended  for  use. 

System  Cost  Effectiveness  Analysis 

The  contractor  should  conduct  a  cost  effectiveness  analysis  to  support  trade  studies  of  candidate 
survivability  enhancement  techniques.  The  methodology  may  be  government-provided  or 
government-approved  (as  specified  in  the  procurement  document).  The  method  should  provide 
MOEs  with  which  to  compare  the  relative  effectiveness  of  proposed  survivability  techniques 
along  with  their  associated  costs.  These  techniques  should  involve  reduction  of  detection  and 
survivability  aids  as  well  as  vulnerability  reduction.  Cost  analysis  activity  in  support  of  trade 
studies  should  be  documented  to  include  the  data  rationale  and  proceclures  used  in  developing 
cost  estimates. 

Management  of  Product  Changes 

Design  is  seldom  if  ever  a  one-step  process.  Throughout  the  acquisition  life  cycle,  changes  to  the 
design  will  occur.  These  changes  may  result  from  advances  in  technology,  improved 
manufacturing  capability,  feedback  from  the  field,  changes  in  user  requirements,  etc.  Each 
change  drives  another  visit  to  the  systems  engineering  process  —  the  fundamental  problem¬ 
solving  tool  —  whereby  requirements  are  analyzed,  allocated,  designed  to,  and  finally  fielded. 
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The  program  manager,  along  with  technical  support  from  the  systems  engineering  community, 
has  the  job  of  ensuring  that  all  the  changes  to  the  design  are  reasonable  and  resulting  variances  in 
cost,  manufacturability,  reliability,  supportability,  and  performance  are  acceptable  from  a 
systems  point  of  view  before  such  changes  are  implemented. 

Engineering  Use  of  M&S  in  the  System 
Development  and  Demonstration  Phase 

A  major  focus  of  M&S  in  the  system  development  and  demonstration  phase  is  on  engineering- 
level  models,  which  are  used  for  detailed  survivability  design,  engineering  trades,  test  planning 
and  support,  subsystem  and  system  performance,  and  verification  of  compliance  with 
specifications.  Models  and  simulations  also  support  cost/performance  analysis  and  ORD  updates, 
Developmental  Tests  (DT)  and  OT&E,  and  preparations  for  production  and  deployment  of  the 
system. 

Several  uses  of  M&S  in  this  phase  are  described  below: 

•  Engineering-level  M&S  of  proposed  systems  and  subsystems  are  used  for  survivability 
detailed  design  and  assembly  of  subsystems,  components,  and  piece  parts.  Performance 
requirements  are  verified  using  a  combination  of  testing  and  simulation. 

•  Hardware/sofiware  in  the  loop  (HW/SWIL)  simulations  are  used  in  a  model-test-model 
process  for  survivability-related  pre-test  planning,  test  execution,  and  post-test  analysis. 
Such  simulations  are  able  to  identify  problems  in  actual  test  hardware  before  conducting 
live  tests  (i.e.,  live  simulations)  on  the  range.  The  simulations  also  provide  for  parameter 
variation  studies  and  augment  the  matrix  of  test  conditions.  The  performance  estimates 
from  simulations  during  this  phase  along  with  live  simulation  (test)  data  provide  input  for 
M&S  at  other  levels  or  of  other  classes. 

•  Cost  models  are  able  to  incorporate  survivability  cost  data  from  engineering  models  and 
actual  LRIP  hardware  for  the  program  cost  estimates  and  cost/performance  analysis 
updates. 

•  Engagement  and  mission/battle  M&S  are  used,  again  to  evaluate  how  well  the 
survivability  designs  allow  the  proposed  system  to  achieve  the  necessary  MOE. 
Theater/campaign-level  M&S  are  used  to  assess  the  proposed  system  and  determine  its 
impact  on  conflict  outcomes. 

•  Human  interactive  simulations  will  continue  to  examine  tactics  within  the  above 
framework  of  constructive  models,  but  will  be  more  likely  to  focus  on  continued 
refinement  of  human-machine  interfaces  associated  with  survivability. 

•  Virtual  simulations  can  be  used  to  evaluate  systems  performance  and  effectiveness.  A 
virtual  prototype  can  be  used  to  support  development  efforts  including  survivability 
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design,  support  (such  as  maintenance  walk-throughs),  manufacturing,  and  training. 
Members  from  every  functional  discipline  share  the  same  electronic  representation  of  the 
system,  thus  facilitating  integrated  product  and  process  development.  As  weapon  system 
trainers  leam  their  tasks,  they  should  take  maximum  advantage  of  the  M&S  used  in 
developing  the  system  itself.  As  these  trainers  are  developed  and  made  available,  they 
may  be  used  for  training  test  crews  and  mission  rehearsal  for  live  simulations  (such  as 
OT&E  planning). 

•  Live  survivability  simulations  may  take  the  form  of  live  exercises,  or  instrumented 
prototype  tests,  including  Initial  Operational  Test  and  Evaluation  (IOT&E).  Managers 
should  insist  that  data  obtained  in  these  tests  are  used  for  further  M&S  validation. 

•  A  combination  of  engineering,  engagement,  mission  and  campaign  simulations,  as 
described  in  the  program  Test  and  Evaluation  Master  Plan  (T  ),  will  be  required  to 
augment  the  developmental  and  operational  test  program  during  the  system  development 
and  demonstration  phase.  Earlier  program  efforts  to  define  the  appropriate  survivability 
models  and  simulations;  perform  verification,  validation  and  accreditation  (VV&A)  on 
them;  and  determine  the  relationships  among  MOEs  and  Measures  of  Performance 
(MOPs)  are  critical  to  the  successful  application  of  M&S  to  support  or  augment  the  test 
program. 

Models  and  simulations  not  only  support  detailed  survivability  design  during  this  phase,  but  also 
continue  as  key  tools  for  the  IPPD.  M&S  will  reduce  design  risk  by  allowing  all  of  the  functional 
disciplines  to  work  from  the  same  design  database.  A  reduced  number  of  engineering  change 
proposals  (ECP)  will  be  an  important  result  of  this  activity.  HW/SWIL  simulations  will  result  in 
significant  risk  reduction  in  T&E  through  planning,  hardware  checkout,  and  mission  rehearsal. 
Finally,  the  transition  to  production  will  take  place  with  reduced  risk  because  digital  design  data 
will  be  electronically  transferred  directly  to  the  manufacturing  floor. 

At  the  end  of  the  system  development  and  demonstration  phase,  the  system’s  detailed 
survivability  design,  including  definition  of  production  and  support  processes,  is  complete.  In 
accordance  with  M&S  planning  conducted  beginning  in  the  concept  and  technology 
development  phase,  the  program  office  should  be  prepared  to  maintain  the  survivability  M&S 
that  will  be  needed  for  continued  support  of  the  weapon  system  during  its  life  cycle.  The  PM  also 
needs  to  consider  how  to  make  representations  (models)  of  the  system  available  to  others  outside 
the  program  office  who  may  have  a  need  to  use  them. 

One  tool  the  survivability  engineer  will  find  particularly  useful  from  concept  to  production  is 
virtual  prototyping,  a  computer-based  simulation  that  possesses  functional  realism  comparable  to 
that  of  a  physical  prototype.  This  technology  can  maximize  benefits  of  integrated  product  teams 
through  the  use  of  scientific  data  visualization,  three-dimensional  drawings,  and  animated 
simulations.  Rapid  multidisciplinary  communication  translates  to  more  robust  designs,  lower 
design  and  manufacturing  costs,  and  compressed  cycle  time;  and  it  facilitates  the  DoD  dual-use 
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thrust  because  of  its  electrical  transportability,  its  capability  of  reusing  designs,  and  its  ability  to 
rapidly  reconfigure  system  characteristics  throughout  the  engineering  design  process. 
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6.0  SUMMARY 

The  survivability  engineer  supports  the  technical  program  efforts  of  design  engineering,  specialty 
engineering,  production  engineering,  and  integrated  test  planning  including,  but  not  limited  to, 
the  engineering  effort  to  transform  a  survivability  operational  need  or  statement  of  deficiency 
into  a  description  of  system  requirements  and  a  preferred  system  configuration;  and  the  technical 
planning  and  control  effort  to  plan,  monitor,  measure,  evaluate,  direct,  and  replan  management  of 
the  technical  program.  If  a  prime  contract  is  in  force,  the  design  engineering  and  production 
engineering  directly  related  to  the  products  or  services  of  a  deliverable  end  item  are  the 
responsibility  of  the  prime  contractor. 

The  design  process  follows  from  a  set  of  stated  requirements  for  a  system  and  evolves  through 
(1)  conceptual  design  (establishment  of  performance  parameters,  operational  requirements,  and 
support  policies),  (2)  preliminary  systems  design,  and  (3)  detailed  design.  This  process  generally 
begins  with  a  visualization  of  what  is  required  and  extends  through  the  development,  test,  and 
evaluation  of  an  engineering  or  prototype  model  of  the  system.  The  output  constitutes  a 
configuration  that  can  be  directly  produced  or  constructed. 

From  a  systems  engineering  standpoint,  the  survivability  engineer  becomes  a  primary  participant 
in  design  synthesis  and  verification  activities  that  translate  functional  and  performance 
requirements  into  design  solutions.  These  solutions  need  to  be  in  sufficient  detail  to  verify  that 
requirements  have  been  met.  Verification  of  the  design  must  include  a  cost-effective 
combination  of  design  analysis,  design  M&S,  demonstration,  and  testing.  The  verification 
process  must  address  the  design  tools,  products,  and  processes. 

Inherent  within  the  systems  engineering  process  is  an  ongoing  analytical  effort.  Throughout  the 
design  and  development  of  a  system,  many  different  alternatives  (or  concepts)  require  evaluation 
and  trades.  The  process  of  investigating  and  evaluating  these  alternatives  constitutes  an  ongoing 
analytical  effort.  To  accomplish  this  activity  in  an  effective  manner,  the  engineer  and/or  analyst 
relies  on  the  use  of  analytical  techniques/tools  for  early  trades  and  to  facilitate  the  quantitative 
system  analysis  process  delineated  below: 

•  Define  the  problem. 

•  Identify  analysis  requirements. 

•  Select  evaluation  criteria. 

•  Establish  models  and  simulation  requirements. 

•  Acquire  necessary  models  and  simulation. 

•  Generate  input  data. 

•  Perform  analysis. 
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A  typical  work  breakdown  structure  for  survivability  enhancement  is  provided  below: 
Enhancements 

>  Aircraft  design  enhancement 

•  Signature  suppression 

V  Radar 

V  Infrared 

V  Acoustical 

V  Optical,  etc. 

•  Low  vulnerability 

V  Threats 

-  Conventional  (ballistic  projectiles  and  missile  warheads) 

-  Weapons  bay/munitions  vulnerability 

-  Chemical,  biological,  and  radiological 

-  Directed  energy  (high-  and  low-energy  lasers  and  other  directed 
energy) 

-  Nuclear 

V  Component 

-  Component  elimination 

-  Component  relocation 

-  Component  shielding 

-  Component  material  improvement 

V  System/subsystem  design  enhancement  (redundancy,  active  damage 
suppression,  passive  damage  suppression) 

-  Fuselage  tank  fire  and  explosion 

-  Fire-protected  APU  bay 

-  Engine  bay  fire  protection 

V  Integrated  fire/explosion  protection 

-  Fire/explosion  protection  systems  for  next-generation  aircraft 

-  Weapons  bay/munitions  vulnerability 

V  Fire  detection  and  extinguishing  system 

•  Susceptibility  enhancement  (reduction) 

V  Susceptibility  reduction  through  EO/IR  techniques 

-  Pointing  and  tracking  Countermeasures 

-  Imaging  seeker  IRCM 

-  Off-board  laser  CM  flight  test 

-  Short-pulse  laser  effectiveness 

-  Post-burnout  missile  tracking/cued  detection 

-  IR  kinematic  special  decor  (KSD) 

V  Susceptibility  reduction  through  RF  techniques 

-  Innovative  radar  countermeasures 

-  Radar  deception  and  jamming  ATD 
^Susceptibility  reduction  through  LO  techniques 
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-  Ceramic  insulation  for  helicopter  engine  nacelles 

-  Active  control  of  external  helicopter  noise 

-  Low  observables  material  operational  usage  evaluation 
V  Acoustic 

d  Visual 


>  Aircraft  utilization  enhancements 

•  Tactics 

•  Countermeasures 

•  Self-  protection  systems 

V  Intercept  weapons 

V  Attack  weapons 

V  Antiradiation  weapons 

>  Subsystem  design  enhancement 

•  Redundancy 

•  Active  damage  suppression 

•  Passive  damage  suppression 

Survivability  engineering  design  documentation/data 


> 


> 

> 

> 

> 

> 

> 

> 

> 


Design-discipline  data/reports  of  analytical  data 

•  RCS  and  jamming-to-signal  (J/S)  ratio 

•  Threat  and  operational  scenario  database 

•  Survivability  assessment  database 

•  Alarm  database  development 
Technical  manuals 

Logistic  support  data 
Supplier  data 
Management  data 
Field  data/failure  reports 
Database  (depositoiy) 

Combat  and  accident  data 
Documentation 

•  Specifications 

•  Manuals 

•  Standards 


Training  requirements 

>  Training  services 

>  Training  equipment 

>  Training  data 

>  Training  facilities 
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Provisioning 

>  Spare  parts 

>  Repair  parts,  all  levels 

>  Consumable  materials 

Inventory  control 
Facilities  (warehousing) 

>  Personnel  facilities 

>  Test  and  evaluation  facilities 

>  Maintenance  facilities 

Capital  equipment 
Utilities 
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